From 6ebfe9497309875c7cffa6c23d72a5012e5f9d27 Mon Sep 17 00:00:00 2001 From: fulsiram <79424365+fulsiram@users.noreply.github.com> Date: Thu, 10 Aug 2023 12:28:00 +0200 Subject: [PATCH 1/5] Fix typo in find backups command --- linux-hardening/privilege-escalation/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux-hardening/privilege-escalation/README.md b/linux-hardening/privilege-escalation/README.md index 1acf8ee6..798d841a 100644 --- a/linux-hardening/privilege-escalation/README.md +++ b/linux-hardening/privilege-escalation/README.md @@ -1487,7 +1487,7 @@ ls -alhR /opt/lampp/htdocs/ 2>/dev/null ### **Backups** ```bash -find /var /etc /bin /sbin /home /usr/local/bin /usr/local/sbin /usr/bin /usr/games /usr/sbin /root /tmp -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bck" -o -name "*\.bk" \) 2>/dev/nulll +find /var /etc /bin /sbin /home /usr/local/bin /usr/local/sbin /usr/bin /usr/games /usr/sbin /root /tmp -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bck" -o -name "*\.bk" \) 2>/dev/null ``` ### Known files containing passwords From 381e1d86e0738f5b4de95a95981a042b97ffe7fe Mon Sep 17 00:00:00 2001 From: fulsiram <79424365+fulsiram@users.noreply.github.com> Date: Thu, 10 Aug 2023 12:31:18 +0200 Subject: [PATCH 2/5] Fix broken markdown in GDB script section --- linux-hardening/privilege-escalation/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux-hardening/privilege-escalation/README.md b/linux-hardening/privilege-escalation/README.md index 798d841a..6de62c78 100644 --- a/linux-hardening/privilege-escalation/README.md +++ b/linux-hardening/privilege-escalation/README.md 
@@ -278,7 +278,7 @@ done #### /proc/$pid/maps & /proc/$pid/mem -For a given process ID, \*\*maps show how memory is mapped within that process's \*\*virtual address space; it also shows the **permissions of each mapped region**. The **mem** pseudo file **exposes the processes memory itself**. From the **maps** file we know which **memory regions are readable** and their offsets. We use this information to **seek into the mem file and dump all readable regions** to a file. +For a given process ID, **maps show how memory is mapped within that process's** virtual address space; it also shows the **permissions of each mapped region**. The **mem** pseudo file **exposes the processes memory itself**. From the **maps** file we know which **memory regions are readable** and their offsets. We use this information to **seek into the mem file and dump all readable regions** to a file. ```bash procdump() From abe1deb5a26351d880f5ef20c1d534902ba535b2 Mon Sep 17 00:00:00 2001 From: fulsiram <79424365+fulsiram@users.noreply.github.com> Date: Thu, 10 Aug 2023 12:33:47 +0200 Subject: [PATCH 3/5] Fix command --- linux-hardening/privilege-escalation/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux-hardening/privilege-escalation/README.md b/linux-hardening/privilege-escalation/README.md index 6de62c78..cc242543 100644 --- a/linux-hardening/privilege-escalation/README.md +++ b/linux-hardening/privilege-escalation/README.md 
@@ -1459,7 +1459,7 @@ find / -name '*.db' -o -name '*.sqlite' -o -name '*.sqlite3' 2>/dev/null ### \*\_history, .sudo\_as\_admin\_successful, profile, bashrc, httpd.conf, .plan, .htpasswd, .git-credentials, .rhosts, hosts.equiv, Dockerfile, docker-compose.yml files ```bash -fils=`find / -type f \( -name "*_history" -o -name ".sudo_as_admin_successful" -o -name ".profile" -o -name "*bashrc" -o -name "httpd.conf" -o -name "*.plan" -o -name ".htpasswd" -o -name ".git-credentials" -o -name "*.rhosts" -o -name "hosts.equiv" -o -name "Dockerfile" -o -name "docker-compose.yml" \) 2>/dev/null`Hidden files +find / -type f \( -name "*_history" -o -name ".sudo_as_admin_successful" -o -name ".profile" -o -name "*bashrc" -o -name "httpd.conf" -o -name "*.plan" -o -name ".htpasswd" -o -name ".git-credentials" -o -name "*.rhosts" -o -name "hosts.equiv" -o -name "Dockerfile" -o -name "docker-compose.yml" \) 2>/dev/null ``` ### Hidden files From cdc7ed76dc0bc343ab7615298eeb3ddd145474fb Mon Sep 17 00:00:00 2001 From: fulsiram <79424365+fulsiram@users.noreply.github.com> Date: Thu, 10 Aug 2023 12:51:00 +0200 Subject: [PATCH 4/5] Fix broken link in ForwardAgent section --- linux-hardening/privilege-escalation/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/linux-hardening/privilege-escalation/README.md b/linux-hardening/privilege-escalation/README.md index cc242543..5dd70dcb 100644 --- a/linux-hardening/privilege-escalation/README.md +++ b/linux-hardening/privilege-escalation/README.md 
@@ -1339,7 +1339,11 @@ Notice that if `Host` is `*` every time the user jumps to a different machine, t The file `/etc/ssh_config` can **override** this **options** and allow or denied this configuration.\ The file `/etc/sshd_config` can **allow** or **denied** ssh-agent forwarding with the keyword `AllowAgentForwarding` (default is allow). -If you Forward Agent configured in an environment \[**check here how to exploit it to escalate privileges**]\(ssh-forward-agent-exploitation.md). +If you find that Forward Agent is configured in an environment read the following page as **you may be able to abuse it to escalate privileges:**: + +{% content-ref url="ssh-forward-agent-exploitation.md" %} +[ssh-forward-agent-exploitation.md](ssh-forward-agent-exploitation.md) +{% endcontent-ref %} ## Interesting Files From b91776091d7a64fe0a14bb489aaffcdb38a647bb Mon Sep 17 00:00:00 2001 From: fulsiram <79424365+fulsiram@users.noreply.github.com> Date: Thu, 10 Aug 2023 12:56:53 +0200 Subject: [PATCH 5/5] Fix double colon in SSH ForwardAgent section --- linux-hardening/privilege-escalation/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux-hardening/privilege-escalation/README.md b/linux-hardening/privilege-escalation/README.md index 5dd70dcb..341ad6a3 100644 --- a/linux-hardening/privilege-escalation/README.md +++ b/linux-hardening/privilege-escalation/README.md 
@@ -1339,7 +1339,7 @@ Notice that if `Host` is `*` every time the user jumps to a different machine, t The file `/etc/ssh_config` can **override** this **options** and allow or denied this configuration.\ The file `/etc/sshd_config` can **allow** or **denied** ssh-agent forwarding with the keyword `AllowAgentForwarding` (default is allow). -If you find that Forward Agent is configured in an environment read the following page as **you may be able to abuse it to escalate privileges:**: +If you find that Forward Agent is configured in an environment read the following page as **you may be able to abuse it to escalate privileges**: {% content-ref url="ssh-forward-agent-exploitation.md" %} [ssh-forward-agent-exploitation.md](ssh-forward-agent-exploitation.md)
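
Review bot: in [PATCH 1/5], the corrected `find` line still writes its suffix patterns as `"*\.bak"`, `"*\.bck"` and `"*\.bk"`. `-name` takes a shell glob, in which `.` is already literal, so the backslashes are redundant and `"*.bak"` matches the same files. Consider dropping them while this line is being touched. The `2>/dev/nulll` to `2>/dev/null` correction itself is right.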
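
Review bot: in [PATCH 2/5], the repaired emphasis now bolds the whole clause `**maps show how memory is mapped within that process's**` and leaves "virtual address space" plain, while the rest of the paragraph bolds only key terms (`**mem**`, `**maps**`). Suggest `**maps** show how memory is mapped within that process's **virtual address space**`. The same added line keeps "exposes the processes memory itself", which should read "process's memory". The subject says "GDB script section", but the hunk sits under the `/proc/$pid/maps & /proc/$pid/mem` heading, so the subject should name that section.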
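
Review bot: in [PATCH 3/5], the subject "Fix command" does not say what was wrong with the removed line, which wrapped the `find` in a `fils=` backtick assignment and had the stray text `Hidden files` fused onto its end. Please name both in the commit message, for example "Remove unused fils= assignment and stray heading text from find command". The replacement line prints its results directly, which is consistent with the `find / -name '*.db' ...` command shown in the hunk header context.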
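
Review bot: in [PATCH 4/5], the added sentence ends in `privileges:**:`, a doubled colon that [PATCH 5/5] exists only to remove. Squash 5/5 into this commit so the series does not introduce and then fix its own typo. The added sentence also needs a comma after "environment", before "read the following page".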
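
Review bot: in [PATCH 5/5], the unchanged context lines just above the edited sentence refer to `/etc/ssh_config` and `/etc/sshd_config`, whereas OpenSSH's system-wide files normally live at `/etc/ssh/ssh_config` and `/etc/ssh/sshd_config`. Since this series is a cleanup pass over the same paragraph, correct the paths here too, along with "this **options**" (should be "these options") and "allow or denied" (should be "allow or deny").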